PROVIDED AN EXCELLENT IT SECURITY POLICY WHICH CLEARLY, CONCISELY, AND ACCURATELY PRESENTS ALL REQUIRED INFORMATION (SEE OUTLINE IN ASSIGNMENT FOR SECTIONS, FIELDS, AND CONTENT REQUIREMENTS). PRESENTATION OF INFORMATION IS ORGANIZED IN A LOGICAL FASHION AND USES 3 OR MORE TABLES TO GROUP RELATED INFORMATION FOR PRESENTATION. ALL REQUIRED FIELDS UNDER EACH SECTION ARE LISTED AND FILLED IN (E.G. OWNER NAME IN ID SECTION HAS A NAME FILLED IN.)

18 POINTS

PROVIDED AN OUTSTANDING IT SECURITY POLICY WHICH CLEARLY AND ACCURATELY PRESENTS ALL REQUIRED INFORMATION (SEE OUTLINE IN ASSIGNMENT FOR SECTIONS, FIELDS, AND CONTENT REQUIREMENTS). PRESENTATION OF INFORMATION IS ORGANIZED IN A LOGICAL FASHION AND USES 2 OR MORE TABLES TO GROUP RELATED INFORMATION FOR PRESENTATION. ALL REQUIRED FIELDS UNDER EACH SECTION ARE LISTED AND FILLED IN (E.G. OWNER NAME IN ID SECTION HAS A NAME FILLED IN.) ONE OR TWO FIELDS MAY HAVE BEEN MISSING OR NOT FILLED IN.

16 POINTS

PROVIDED AN ACCEPTABLE IT SECURITY POLICY WHICH PRESENTS REQUIRED INFORMATION (SEE OUTLINE IN ASSIGNMENT FOR SECTIONS AND CONTENT REQUIREMENTS). PRESENTATION OF INFORMATION IS ORGANIZED IN A LOGICAL FASHION. REQUIRED INFORMATION IS PROVIDED IN THE LISTED FIELDS UNDER EACH SECTION (E.G. OWNER NAME IN ID SECTION HAS A NAME FILLED IN.) THREE OR FEWER FIELDS WERE MISSING OR NOT FILLED IN.

14 POINTS

PROVIDED AN IT SECURITY POLICY WHICH PRESENTS MOST OF THE REQUIRED INFORMATION (SEE OUTLINE IN ASSIGNMENT FOR SECTIONS AND CONTENT REQUIREMENTS). PRESENTATION OF INFORMATION WAS LACKING IN ORGANIZATION AND/OR FEWER THAN 5 FIELDS WERE MISSING OR NOT FILLED IN.

9 POINTS

ATTEMPTED TO PROVIDE AN IT SECURITY POLICY BUT CONTENT WAS SUBSTANTIALLY LACKING. FEWER THAN FIVE REQUIRED SECTIONS WERE PRESENTED.

PROVIDED AN EXCELLENT RISK IDENTIFICATION, ASSESSMENT, AND PRIORITIZATION FOR APT THREATS AGAINST THE DATA CENTER. RISK IDENTIFICATION INCLUDED AT LEAST FIFTEEN (15) SPECIFIC RISKS. THE RISK ASSESSMENT CLEARLY AND CONCISELY ADDRESSED THE POTENTIAL NEGATIVE IMPACTS OF APTS UPON THE CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF INFORMATION, INFORMATION SYSTEMS, AND INFORMATION INFRASTRUCTURE IN THE DATA CENTER.

RISK REGISTER TABLE CONTAINING ALL IDENTIFIED RISKS WAS INCLUDED IN THE RISK SECTION OF THE POLICY. TABLE WAS COMPLETE, CONCISE, AND ACCURATE.

APPROPRIATELY USED INFORMATION FROM 3 OR MORE AUTHORITATIVE SOURCES.

18 POINTS

PROVIDED AN OUTSTANDING RISK IDENTIFICATION, ASSESSMENT, AND PRIORITIZATION FOR APT THREATS AGAINST THE DATA CENTER. RISK IDENTIFICATION INCLUDED AT LEAST TEN (10) SPECIFIC RISKS. THE RISK ASSESSMENT CLEARLY AND CONCISELY ADDRESSED THE POTENTIAL NEGATIVE IMPACTS OF APTS UPON THE CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF INFORMATION, INFORMATION SYSTEMS, AND INFORMATION INFRASTRUCTURE IN THE DATA CENTER.

RISK REGISTER TABLE CONTAINING ALL IDENTIFIED RISKS WAS INCLUDED IN THE RISK SECTION OF THE POLICY. TABLE WAS COMPLETE AND ACCURATE.

APPROPRIATELY USED INFORMATION FROM 2 OR MORE AUTHORITATIVE SOURCES.

16 POINTS

PROVIDED AN ACCEPTABLE RISK IDENTIFICATION, ASSESSMENT, AND PRIORITIZATION FOR APT THREATS AGAINST THE DATA CENTER. RISK IDENTIFICATION INCLUDED AT LEAST SEVEN (7) SPECIFIC RISKS. THE RISK ASSESSMENT CLEARLY AND CONCISELY ADDRESSED THE POTENTIAL NEGATIVE IMPACTS OF APTS UPON THE CONFIDENTIALITY, INTEGRITY, AND AVAILABILITY OF INFORMATION, INFORMATION SYSTEMS, AND INFORMATION INFRASTRUCTURE IN THE DATA CENTER.

RISK REGISTER TABLE CONTAINING ALL IDENTIFIED RISKS WAS INCLUDED IN THE RISK SECTION OF THE POLICY. TABLE WAS COMPLETE.

APPROPRIATELY USED INFORMATION FROM ONE OR MORE AUTHORITATIVE SOURCES.

14 POINTS

PROVIDED A RISK REGISTER THAT INCLUDED 5 OR MORE RISKS. THE RISK ASSESSMENT ADDRESSED TWO OR MORE POTENTIAL NEGATIVE IMPACTS OF APTS WHICH WERE RELEVANT TO THE DATA CENTER'S ENVIRONMENT. SECURITY CONTROLS AND MITIGATION MEASURES WERE MENTIONED.

RISK REGISTER TABLE CONTAINING ALL IDENTIFIED RISKS WAS INCLUDED IN THE RISK SECTION OF THE POLICY. TABLE WAS COMPLETE, CONCISE, AND ACCURATE.

APPROPRIATELY USED INFORMATION FROM AUTHORITATIVE SOURCES.

11 POINTS

ATTEMPTED TO PROVIDE A RISK ASSESSMENT FOR APTS. RISK REGISTER PROVIDED BUT WAS INCOMPLETE.

MENTIONED INFORMATION FROM AUTHORITATIVE SOURCES

0 POINTS

REQUIRED CONTENT WAS MISSING OR UNACCEPTABLE.

POLICY SECTION: IMPLEMENTING APT BEST PRACTICES15 POINTS

ADDRESSED SEVEN OR MORE RECOMMENDED BEST PRACTICES FOR APT PREVENTION, DETECTION, AND ERADICATION. THESE BEST PRACTICES INCLUDE (BUT ARE NOT LIMITED TO):(A) MAINTAINING A LIST OF APPLICATION SYSTEMS AT RISK(B) CREATING AN APT CHECKLIST FOR ASSETS AT RISK(C) FOCUSING ON APT DETECTION TECHNIQUES AND ANALYSIS TOOLS(D) FOCUSING ON INCIDENT RESPONSE FOR APTS(E) CREATING READY TO USE APT RAPID RESPONSE TACTICS(F) PREPARING AN APT FORENSIC RESPONSE PLAN(G) INCREASING USE OF EXTERNAL THREAT INTELLIGENCE(H) FOCUSING ON APTS IN SECURITY AWARENESS TRAINING.

PROVIDED AN EXCELLENT SET OF POLICY STATEMENTS WHICH WILL ENSURE THAT THE SELECTED BEST PRACTICES ARE IMPLEMENTED.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS ARE CLEAR, CONCISE, AND ACCURATE.

USED AND CITED AT LEAST THREE AUTHORITATIVE SOURCES.

14 POINTS

ADDRESSED SIX OR MORE RECOMMENDED BEST PRACTICES FOR APT PREVENTION, DETECTION, AND ERADICATION. THESE BEST PRACTICES INCLUDE (BUT ARE NOT LIMITED TO):(A) MAINTAINING A LIST OF APPLICATION SYSTEMS AT RISK(B) CREATING AN APT CHECKLIST FOR ASSETS AT RISK(C) FOCUSING ON APT DETECTION TECHNIQUES AND ANALYSIS TOOLS(D) FOCUSING ON INCIDENT RESPONSE FOR APTS(E) CREATING READY TO USE APT RAPID RESPONSE TACTICS(F) PREPARING AN APT FORENSIC RESPONSE PLAN(G) INCREASING USE OF EXTERNAL THREAT INTELLIGENCE(H) FOCUSING ON APTS IN SECURITY AWARENESS TRAINING.

PROVIDED AN OUTSTANDING SET OF POLICY STATEMENTS WHICH WILL ENSURE THAT THE SELECTED BEST PRACTICES ARE IMPLEMENTED.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS ARE CLEAR AND ACCURATE.

USED AND CITED AT LEAST TWO AUTHORITATIVE SOURCES.

13 POINTS

ADDRESSED FIVE OR MORE RECOMMENDED BEST PRACTICES FOR APT PREVENTION, DETECTION, AND ERADICATION. THESE BEST PRACTICES INCLUDE (BUT ARE NOT LIMITED TO):(A) MAINTAINING A LIST OF APPLICATION SYSTEMS AT RISK(B) CREATING AN APT CHECKLIST FOR ASSETS AT RISK(C) FOCUSING ON APT DETECTION TECHNIQUES AND ANALYSIS TOOLS(D) FOCUSING ON INCIDENT RESPONSE FOR APTS(E) CREATING READY TO USE APT RAPID RESPONSE TACTICS(F) PREPARING AN APT FORENSIC RESPONSE PLAN(G) INCREASING USE OF EXTERNAL THREAT INTELLIGENCE(H) FOCUSING ON APTS IN SECURITY AWARENESS TRAINING.

PROVIDED AN ACCEPTABLE SET OF POLICY STATEMENTS WHICH WILL ENSURE THAT THE SELECTED BEST PRACTICES ARE IMPLEMENTED.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS ARE APPROPRIATE.

USED AND CITED ONE OR MORE AUTHORITATIVE SOURCES.

11 POINTS

NAMED THREE OR MORE RECOMMENDED BEST PRACTICES FOR APT PREVENTION, DETECTION, AND ERADICATION.

PROVIDED POLICY STATEMENT OR STATEMENTS WHICH WILL ENSURE THAT THE SELECTED BEST PRACTICES ARE IMPLEMENTED.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS ARE APPROPRIATE.

USED AND CITED AUTHORITATIVE SOURCES.

9 POINTS

MENTIONED BEST PRACTICES FOR APT PREVENTION, DETECTION, AND ERADICATION.

ATTEMPTED TO PROVIDE A POLICY STATEMENT OR STATEMENTS REQUIRING IMPLEMENTATION OF BEST PRACTICES..

0 POINTS

SECTION WAS MISSING OR DID NOT CONTAIN REQUIRED / RELEVANT INFORMATION.

POLICY SECTION: PROTECTIVE TECHNOLOGIES10 POINTS

IDENTIFIED 5 OR MORE TECHNOLOGIES WHICH COULD BE USED TO COMBAT APT THREATS THROUGH IMPROVEMENTS IN DETECTION, PREVENTION, AND ERADICATION. INTEGRATED THESE TECHNOLOGIES INTO POLICY STATEMENTS IN A CLEAR, CONCISE, AND ACCURATE MANNER.

8.5 POINTS

IDENTIFIED 4 OR MORE TECHNOLOGIES WHICH COULD BE USED TO COMBAT APT THREATS THROUGH IMPROVEMENTS IN DETECTION, PREVENTION, AND ERADICATION. INTEGRATED THESE TECHNOLOGIES INTO POLICY STATEMENTS IN A CLEAR AND ACCURATE MANNER.

7 POINTS

IDENTIFIED 3 OR MORE TECHNOLOGIES WHICH COULD BE USED TO COMBAT APT THREATS THROUGH IMPROVEMENTS IN DETECTION, PREVENTION, AND ERADICATION. INTEGRATED THESE TECHNOLOGIES INTO POLICY STATEMENTS IN AN APPROPRIATE MANNER.

6 POINTS

MENTIONED AT LEAST ONE TECHNOLOGY WHICH COULD BE USED TO COMBAT APT THREATS THROUGH IMPROVEMENTS IN DETECTION, PREVENTION, OR ERADICATION.

4 POINTS

ATTEMPTED TO PRESENT INFORMATION ABOUT TECHNOLOGY-BASED SOLUTIONS FOR COMBATING APTS.

OR, THIS SECTION WAS NOT WELL SUPPORTED BY INFORMATION FROM AUTHORITATIVE SOURCES.

0 POINTS

SECTION WAS MISSING OR DID NOT CONTAIN REQUIRED / RELEVANT INFORMATION.

PRESENTED 15 OR MORE POLICY STATEMENTS TO REQUIRE IMPLEMENTATION OF BEST PRACTICES, SECURITY CONTROLS, AND TECHNICAL COUNTER MEASURES (TECHNOLOGIES) TO COMBAT APTS IN THE DATA CENTER.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS ARE CLEAR, CONCISE, AND ACCURATE.

USED AND CITED AT LEAST THREE AUTHORITATIVE SOURCES.

8.5 POINTS

PRESENTED 12 OR MORE POLICY STATEMENTS TO REQUIRE IMPLEMENTATION OF BEST PRACTICES, SECURITY CONTROLS, AND TECHNICAL COUNTER MEASURES (TECHNOLOGIES) TO COMBAT APTS IN THE DATA CENTER.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS ARE CLEAR AND ACCURATE.

USED AND CITED AT LEAST TWO AUTHORITATIVE SOURCES.

7 POINTS

PRESENTED 10 OR MORE POLICY STATEMENTS TO REQUIRE IMPLEMENTATION OF BEST PRACTICES, SECURITY CONTROLS, AND TECHNICAL COUNTER MEASURES (TECHNOLOGIES) TO COMBAT APTS IN THE DATA CENTER.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS ARE APPROPRIATE.

USED AND CITED AUTHORITATIVE SOURCES.

6 POINTS

PRESENTED 5 OR MORE POLICY STATEMENTS TO REQUIRE IMPLEMENTATION OF BEST PRACTICES, SECURITY CONTROLS, AND TECHNICAL COUNTER MEASURES (TECHNOLOGIES) TO COMBAT APTS IN THE DATA CENTER.

POLICY STATEMENT(S) AND SUPPORTING EXPLANATIONS MAY BE LACKING IN DETAILS AND/OR RELEVANT INFORMATION.

MENTIONED AT LEAST ONE AUTHORITATIVE SOURCE.

4 POINTS

ATTEMPTED TO PRESENT A POLICY STATEMENT OR STATEMENTS ABOUT IMPLEMENTING MEASURES TO COMBAT APTS.

OR, THIS SECTION WAS NOT WELL SUPPORTED BY INFORMATION FROM AUTHORITATIVE SOURCES.

0 POINTS

SECTION WAS MISSING OR DID NOT CONTAIN REQUIRED / RELEVANT INFORMATION.

CREDITING SOURCES5 POINTS

WORK CREDITS ALL SOURCES USED IN A PROFESSIONAL MANNER USING APA FORMAT CITATIONS/REFERENCES, FOOT NOTES WITH PUBLICATION INFORMATION, OR END NOTES WITH PUBLICATION INFORMATION. PROVIDES A BIBLIOGRAPHY OR "WORKS CITED" IF NOT USING APA FORMAT. PUBLICATION INFORMATION IS SUFFICIENT TO RETRIEVE ALL LISTED RESOURCES.

4 POINTS

WORK CREDITS ALL SOURCES USED IN A PROFESSIONAL MANNER USING APA FORMAT CITATIONS/REFERENCES, FOOT NOTES WITH PUBLICATION INFORMATION, OR END NOTES WITH PUBLICATION INFORMATION. PROVIDES A BIBLIOGRAPHY OR "WORKS CITED" IF NOT USING APA FORMAT. ONE OR TWO MINOR INCONSISTENCIES OR ERRORS IN FORMAT. PUBLICATION INFORMATION IS SUFFICIENT TO RETRIEVE ALL LISTED RESOURCES.

3 POINTS

WORK CREDITS ALL SOURCES USED IN A PROFESSIONAL MANNER USING APA FORMAT CITATIONS/REFERENCES, FOOT NOTES WITH PUBLICATION INFORMATION, OR END NOTES WITH PUBLICATION INFORMATION. PROVIDES A BIBLIOGRAPHY OR "WORKS CITED" IF NOT USING APA FORMAT. FEWER THAN FIVE INCONSISTENCIES OR ERRORS IN FORMAT.PUBLICATION INFORMATION IS SUFFICIENT TO RETRIEVE ALL LISTED RESOURCES.

2 POINTS

WORK CREDITS MOST SOURCES USED IN A PROFESSIONAL MANNER.FEWER THAN TEN INCONSISTENCIES OR ERRORS IN FORMAT. PUBLICATION INFORMATION IS NOT SUFFICIENT TO RETRIEVE ONE OR TWO OF THE REQUIRED RESOURCES.

1 POINT

WORK ATTEMPTS TO CREDIT SOURCES IS UNPROFESSIONAL IN APPEARANCE AND/OR PUBLICATION INFORMATION IS NOT SUFFICIENT TO RETRIEVE THREE OR MORE RESOURCES.

0 POINTS

NOT INCLUDED OR NO SUBMISSION.

PROFESSIONALISM PART I: ORGANIZATION & APPEARANCE5 POINTS

SUBMITTED WORK SHOWS OUTSTANDING ORGANIZATION AND THE USE OF COLOR, FONTS, TITLES, HEADINGS AND SUB-HEADINGS, ETC. IS APPROPRIATE TO THE ASSIGNMENT TYPE.

4 POINTS

SUBMITTED WORK HAS MINOR STYLE OR FORMATTING FLAWS BUT STILL PRESENTS A PROFESSIONAL APPEARANCE. SUBMITTED WORK IS WELL ORGANIZED AND APPROPRIATELY USES COLOR, FONTS, AND SECTION HEADINGS (PER THE ASSIGNMENT’S DIRECTIONS).

3 POINTS

ORGANIZATION AND/OR APPEARANCE OF SUBMITTED WORK COULD BE IMPROVED THROUGH BETTER USE OF FONTS, COLOR, TITLES, HEADINGS, ETC. OR SUBMITTED WORK HAS MULTIPLE STYLE OR FORMATTING ERRORS. PROFESSIONAL APPEARANCE COULD BE IMPROVED.

2 POINTS

SUBMITTED WORK HAS MULTIPLE STYLE OR FORMATTING ERRORS. ORGANIZATION AND PROFESSIONAL APPEARANCE NEED SUBSTANTIAL IMPROVEMENT.

1 POINT

SUBMITTED WORK MEETS MINIMUM REQUIREMENTS BUT HAS MAJOR STYLE AND FORMATTING ERRORS. WORK IS DISORGANIZED AND NEEDS TO BE REWRITTEN FOR READABILITY AND PROFESSIONAL APPEARANCE.

0 POINTS

SUBMITTED WORK IS POORLY ORGANIZED AND FORMATTED. WRITING AND PRESENTATION ARE LACKING IN PROFESSIONAL STYLE AND APPEARANCE. WORK DOES NOT REFLECT COLLEGE LEVEL WRITING SKILLS. OR, NO SUBMISSION.

PROFESSIONALISM PART II: EXECUTION15 POINTS

NO FORMATTING, GRAMMAR, SPELLING, OR PUNCTUATION ERRORS.

14 POINTS

WORK CONTAINS MINOR ERRORS IN FORMATTING, GRAMMAR, SPELLING OR PUNCTUATION WHICH DO NOT SIGNIFICANTLY IMPACT PROFESSIONAL APPEARANCE.

13 POINTS

ERRORS IN FORMATTING, SPELLING, GRAMMAR, OR PUNCTUATION WHICH DETRACT FROM PROFESSIONAL APPEARANCE OF THE SUBMITTED WORK.

11 POINTS

SUBMITTED WORK HAS NUMEROUS ERRORS IN FORMATTING, SPELLING, GRAMMAR, OR PUNCTUATION. WORK IS UNPROFESSIONAL IN APPEARANCE.

4 POINTS

SUBMITTED WORK IS DIFFICULT TO READ / UNDERSTAND AND HAS SIGNIFICANT ERRORS IN FORMATTING, SPELLING, GRAMMAR, PUNCTUATION, OR WORD USAGE.

0 POINTS

SUBMITTED WORK IS POORLY EXECUTED OR DOES NOT REFLECT COLLEGE LEVEL WORK. OR, NO SUBMISSION

Overall ScoreEXCELLENT90 OR MOREOUTSTANDING80 OR MOREACCEPTABLE70 OR MORENEEDS IMPROVEMENT56 OR MORENEEDS SIGNIFICANT IMPROVEMENT36 OR MOREMISSING OR UNACCEPTABLE WORK0 OR MORE